Ad Fraud – We’ve met the bots and they’re us!


“Humans, not Robots, are responsible agents. Robots should be designed and operated as far as practicable to comply with existing laws, fundamental rights and freedoms, including privacy.” Alan Winfield


Cyber Lions

Last week, the marketing industry descended on the Promenade de la Croisette for its annual red carpet frenzy. This year, however, something has fundamentally changed in Cannes: the ongoing revolution in marketing automation has finally reached the Lions. The emphasis was on advertising technology which is changing for ever how advertising is created, bought and sold.

Screen Shot 2015-06-30 at 08.37.35

Brian Terkelsen, chief executive of MediaVest USA put it during the Lions Innovation, a separate event focusing solely on digital advertising, social media, analytics, data and technology: “Today, content isn’t the topic of conversation. Today, ad tech is the topic of conversation.

Ad fraud – a $10 billion pain

Let’s face it, the days of the good old clickfarms are over. Fraudulent activities in digital advertising mean big business. HUGE!

The Association of National Advertisers estimated in December, 2014 that global advertisers will lose $6.3 billion to ad fraud in 2015. With half of 2015 already gone, current projections go as far as $10 billion.

Screen Shot 2015-06-30 at 09.59.26

The broad definition of advertising fraud is that it is a set of ad-related actions generated by infrastructure designed not to deliver the right ad at the right time to the right user, but rather to extract the maximum amount of money from the digital advertising ecosystem, regardless of the presence of an audience. Ad fraud and illegitimate traffic include page views, ad clicks, mouse movement, shopping cart actions, or other seemingly human activities.

Advertising fraud is not a new thing but the wide industrialisation of it – largely catalysed by the rapid growth of programmatic advertising trade – happened almost overnight and advertiser concern only started to heighten over the last year. Industry associations such as theInteractive Advertising Bureau or the JICWEBS are taking actions but it’s like shooting at a fast moving target. A recent survey by e-Marketer found that ad fraud and brand safety are currently the leading obstacles (58%!) to adopting programmatic procedures in advertising trade in the UK and North America. And certain fraudulent practices such as ad injection or site/URL masking make ad fraud and brand safety strongly interrelated. (Here you can read about some of the most common forms of ad fraud in plain language.)


We have met the bots and they are us

At the centre of ad fraud lies robotic or simply bot traffic defined as web traffic originating from hijacked devices masquerading as legitimate users. As Keith Weed rightly said, there could be more robotic eyes in the digital media universe than human ones. And the bots cannot be localised because the are everywhere. The ANA ad fraud study claimed:

“We expected to find bot-focused websites with nothing but a bot audience, but out of nearly three million websites covered in the study, mere thousands were completely built for bots.Most of the bots visited real websites run by real companies with real human visitors. The bots inflated the monetized audiences at those sites by 5 to 50 percent.

Screen Shot 2015-06-30 at 10.56.26

Bot traffic comes from everyday computers that have been hacked and remotely controlled. Yes, even yours is a potential victim! Two-thirds of bot traffic comes from residential IP addresses. Bots hijack browsers to masquerade as real users and blend in with human traffic. After infiltrating home computers with malware, cybercriminals make real money from their victims by installing ad bots.

The most common ways to infiltrate computers are getting users to install toolbars in their browsers, simulating applications such as games or video players in an alternate browser and bundling hidden applications with consumer downloads. (For various reasons, older versions of the Ask toolbar have recently been declared persona non grata by Microsoft, and their security software would kill it on sight. The bulk of this comes thanks to Java, because for years every Java update asks if the user would like to install Ask’s toolbar. Many a computer user has unthinkingly clicked through and installed the toolbar.)

By using the computers of real people—people who are logged in to Gmail, sharing on Facebook, and buying on eBay—the bots do not just blend in, they get targeted. Sophisticated bots move the mouse, making sure to move the cursor over ads. Bots click on ads, put items in shopping carts and visit many sites to generate histories and cookies to appear more demographically appealing to advertisers and publishers. Sounds scary, doesn’t it?


Trust is normally based on history and tolerance. Without much history of anti-ad fraud practices or ad fraud in general, tolerance is an important factor. In a recent ExchangeWire Research report about perceptions of online ad marketplace quality some benchmarks have been established regarding the rates of tolerance of ad fraud: